qemu/crypto/block-qcow.c

   1 /*
   2  * QEMU Crypto block device encryption QCow/QCow2 AES-CBC format
   3  *
   4  * Copyright (c) 2015-2016 Red Hat, Inc.
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
  18  *
  19  */
  20
  21 /*
  22  * Note that the block encryption implemented in this file is broken
  23  * by design. This exists only to allow data to be liberated from
  24  * existing qcow[2] images and should not be used in any new areas.
  25  */
  26
  27 #include "qemu/osdep.h"
  28 #include "qapi/error.h"
  29
  30 #include "crypto/block-qcow.h"
  31 #include "crypto/secret.h"
  32
  33 #define QCRYPTO_BLOCK_QCOW_SECTOR_SIZE 512
  34
  35
  36 static bool
  37 qcrypto_block_qcow_has_format(const uint8_t *buf G_GNUC_UNUSED,
  38                               size_t buf_size G_GNUC_UNUSED)
  39 {
  40     return false;
  41 }
  42
  43
  44 static int
  45 qcrypto_block_qcow_init(QCryptoBlock *block,
  46                         const char *keysecret,
  47                         Error **errp)
  48 {
  49     char *password;
  50     int ret;
  51     uint8_t keybuf[16];
  52     int len;
  53
  54     memset(keybuf, 0, 16);
  55
  56     password = qcrypto_secret_lookup_as_utf8(keysecret, errp);
  57     if (!password) {
  58         return -1;
  59     }
  60
  61     len = strlen(password);
  62     memcpy(keybuf, password, MIN(len, sizeof(keybuf)));
  63     g_free(password);
  64
  65     block->niv = qcrypto_cipher_get_iv_len(QCRYPTO_CIPHER_ALG_AES_128,
  66                                            QCRYPTO_CIPHER_MODE_CBC);
  67     block->ivgen = qcrypto_ivgen_new(QCRYPTO_IVGEN_ALG_PLAIN64,
  68                                      0, 0, NULL, 0, errp);
  69     if (!block->ivgen) {
  70         ret = -ENOTSUP;
  71         goto fail;
  72     }
  73
  74     block->cipher = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_128,
  75                                        QCRYPTO_CIPHER_MODE_CBC,
  76                                        keybuf, G_N_ELEMENTS(keybuf),
  77                                        errp);
  78     if (!block->cipher) {
  79         ret = -ENOTSUP;
  80         goto fail;
  81     }
  82
  83     block->payload_offset = 0;
  84
  85     return 0;
  86
  87  fail:
  88     qcrypto_cipher_free(block->cipher);
  89     qcrypto_ivgen_free(block->ivgen);
  90     return ret;
  91 }
  92
  93
  94 static int
  95 qcrypto_block_qcow_open(QCryptoBlock *block,
  96                         QCryptoBlockOpenOptions *options,
  97                         QCryptoBlockReadFunc readfunc G_GNUC_UNUSED,
  98                         void *opaque G_GNUC_UNUSED,
  99                         unsigned int flags,
 100                         Error **errp)
 101 {
 102     if (flags & QCRYPTO_BLOCK_OPEN_NO_IO) {
 103         return 0;
 104     } else {
 105         if (!options->u.qcow.key_secret) {
 106             error_setg(errp,
 107                        "Parameter 'key-secret' is required for cipher");
 108             return -1;
 109         }
 110         return qcrypto_block_qcow_init(block,
 111                                        options->u.qcow.key_secret, errp);
 112     }
 113 }
 114
 115
 116 static int
 117 qcrypto_block_qcow_create(QCryptoBlock *block,
 118                           QCryptoBlockCreateOptions *options,
 119                           QCryptoBlockInitFunc initfunc G_GNUC_UNUSED,
 120                           QCryptoBlockWriteFunc writefunc G_GNUC_UNUSED,
 121                           void *opaque G_GNUC_UNUSED,
 122                           Error **errp)
 123 {
 124     if (!options->u.qcow.key_secret) {
 125         error_setg(errp, "Parameter 'key-secret' is required for cipher");
 126         return -1;
 127     }
 128     /* QCow2 has no special header, since everything is hardwired */
 129     return qcrypto_block_qcow_init(block, options->u.qcow.key_secret, errp);
 130 }
 131
 132
 133 static void
 134 qcrypto_block_qcow_cleanup(QCryptoBlock *block)
 135 {
 136 }
 137
 138
 139 static int
 140 qcrypto_block_qcow_decrypt(QCryptoBlock *block,
 141                            uint64_t startsector,
 142                            uint8_t *buf,
 143                            size_t len,
 144                            Error **errp)
 145 {
 146     return qcrypto_block_decrypt_helper(block->cipher,
 147                                         block->niv, block->ivgen,
 148                                         QCRYPTO_BLOCK_QCOW_SECTOR_SIZE,
 149                                         startsector, buf, len, errp);
 150 }
 151
 152
 153 static int
 154 qcrypto_block_qcow_encrypt(QCryptoBlock *block,
 155                            uint64_t startsector,
 156                            uint8_t *buf,
 157                            size_t len,
 158                            Error **errp)
 159 {
 160     return qcrypto_block_encrypt_helper(block->cipher,
 161                                         block->niv, block->ivgen,
 162                                         QCRYPTO_BLOCK_QCOW_SECTOR_SIZE,
 163                                         startsector, buf, len, errp);
 164 }
 165
 166
 167 const QCryptoBlockDriver qcrypto_block_driver_qcow = {
 168     .open = qcrypto_block_qcow_open,
 169     .create = qcrypto_block_qcow_create,
 170     .cleanup = qcrypto_block_qcow_cleanup,
 171     .decrypt = qcrypto_block_qcow_decrypt,
 172     .encrypt = qcrypto_block_qcow_encrypt,
 173     .has_format = qcrypto_block_qcow_has_format,
 174 };